Confidentiality of Personal Data Protected by Professional secrecy
While the data itself is not usually protected by the GDPR, this is different for data that is subject to professional secrecy or for which there is a special obligation of secrecy for other reasons. The obligation of secrecy may result from Union law, Member State law or statutory law. Corresponding regulations are:
Articles: 14 V d, 28 III b, 38 V, 54 II and 76 GDPR.
Recitals: 75 and 85 (1) GDPR.
For all other personal data, the (less strict) principle of integrity and confidentiality applies [Tile DS.15].
Conversely, however, expectations of confidentiality on the part of the controller or other persons may also conflict with the rights of the data subject [Tile DSR.05]. For example, the data subject's right to information and the data subject's right of access may conflict with the lawyer-client privilege [see § 29 I/II of the German Federal Data Protection Act]. The lawyer-client privilege in turn protects the rights of the client. In this case, the data subject's data protection rights conflict with the lawyer's duty of confidentiality and the client's expectations of confidentiality - an example of the multidimensionality of data processing that data protection law has to deal with. On the multidimensionality of fundamental rights, see in particular Tile CO.01.